Crypto hacks plunged by roughly 60% in December 2025, but the month was far from safe — according to blockchain security firm PeckShield, about $76 million was lost across the sector, down from roughly $194.3 million in November.
PeckShield tracked approximately 26 major exploits in December. The headline-grabber was an address-poisoning scheme that alone siphoned roughly $50 million from an address labeled 0xcB80…819. In that attack, victims were duped into sending funds to an address nearly identical to a legitimate one — a reminder that human error, not just protocol flaws, powers many big losses.
Other notable incidents included:
- A roughly $27 million drain tied to a multi-signature wallet after a private key leak.
- An approximately $7 million loss linked to a Trust Wallet exploit that exploited a browser extension weakness (some affected users were reportedly in talks about reimbursements).
- About $3.9 million in losses associated with issues on the Flow protocol.
PeckShield noted that a small number of large incidents accounted for most of December’s total, which explains the sharp month-to-month swing. Security teams and some wallets have tightened checks recently, which likely helped reduce the number of massive breaches — but experts warn that this drop in dollar losses doesn’t mean threats have vanished. The same attack techniques remain in play: social-engineering scams that exploit copy/paste mistakes, private-key exposures, and sophisticated intrusions still create major risk.
Why this matters
- Address-poisoning attacks highlight the ongoing danger of human mistakes: a single wrong paste can wipe out a large transfer.
- Private key exposure continues to be a common root cause of big breaches, even for wallets designed to be secure.
- Browser-extension vulnerabilities and wallet integrations remain attractive attack vectors.
What to watch next
Regulators and platform operators are paying closer attention. There’s growing pressure on exchanges and wallet providers to improve protections, offer faster incident responses, and consider reimbursement policies after compromises are discovered.
Practical takeaways for users
- Double-check destination addresses (prefer copy-and-verify or use address book entries).
- Prefer hardware wallets or well-audited custody solutions for large holdings.
- Limit use of browser extensions for sensitive wallet operations and keep software updated.
- For teams, enforce key-management best practices and consider multi-sig setups with strong operational security.
PeckShield summarized the month’s activity in a January 1 tweet highlighting the 26 major exploits and the ~$76M in losses — a clear signal that while December’s headline totals were lower, the crypto space remains a high-risk environment requiring constant vigilance.
Read more AI-generated news on: undefined/news
